Configure Sumo Logic Installed Collector and Syslog Source

Configure a Syslog Source. For protocol, use TCP.
Note the Port number, as you will need this to configure Zscaler NSS.

Also, when you configure the Syslog Source, we recommend that you use the Source Category security_zscaler.

Configure Zscaler NSS

Zscaler offers a virtual appliance, called Nanolog Streaming Service (NSS) to stream web logs to external SIEM via syslog. NSS is maintained and distributed by Zscaler as an Open Virtual Application (OVA).